Cyber Incident Victim: Hof van Twente
Date:
Dec 2020
Location:
Netherlands
Summary
A Dutch municipality experienced a severe cyber attack that forced a complete shutdown of all computer systems, rendering employees unable to access their workstations. The attackers destroyed server-stored data, compromising residents' sensitive personal information. Authorities reported the incident to national data protection regulators, law enforcement, and municipal associations, though the perpetrators and their motives remained unidentified. The breach caused significant operational disruption to local government services and data integrity.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the morning of December 6, 2020, employees of the Hof van Twente municipality in the Netherlands discovered they could not access their computer systems, triggering an investigation that revealed a severe cyber attack. Unidentified attackers had compromised the municipality's digital infrastructure, forcing a complete shutdown of all computer systems to contain the breach. The attackers not only disrupted operations but also destroyed data stored on municipal servers, including privacy-sensitive information belonging to residents. The municipality promptly reported the incident to critical national authorities including the Dutch Ministry of the Interior, the Dutch Data Protection Authority (AP), and the Association of Netherlands Municipalities (VNG). A criminal report was simultaneously filed with law enforcement to initiate a forensic investigation. No immediate claims of responsibility or ransom demands were disclosed publicly, leaving the perpetrators' identity and motives unconfirmed.
The cyber attack paralyzed municipal operations by rendering all digital services inoperable, directly impacting administrative functions and public service delivery. Destruction of server data compounded the crisis by compromising resident information, though specific data categories or volumes remained unspecified in initial disclosures. Recovery efforts focused on assessing infrastructure damage and restoring basic functionality while authorities coordinated response protocols. The incident highlighted systemic vulnerabilities in local government IT networks, though technical details about attack vectors or malware variants were not released publicly. Hof van Twente's transparency in notifying regulatory bodies reflected compliance with national data breach reporting frameworks despite the operational chaos. Ongoing investigations by cybersecurity experts and law enforcement sought to determine the attack's origin and full scope as the municipality worked to rebuild its digital environment from compromised foundations.